Apache considered harmful


Nov 22 2011 


"Institutions will try to preserve the problem to which they are the solution." -- Clay Shirky

This is a hard article to write. The way I think about technology, open source, and community has
been shaped by Apache and while I appreciate all they have done I no longer believe they embody
the values they claim.


Start with the basics. Why does Apache exist? 
Photo by Japheth Mast on Unsplash


• Protect User Freedom
• Protect and Empower Developers
• Enable Collaboration


COPYRIGHT (C) 2023, ECLIPSE FOUNDATION. | THIS WORK IS LICENSED UNDER A CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE (CC BY 4.0)




• Freedom 0: to run the program, for any purpose
• Freedom 1: to study how the program works, and change it to make it do what you wish
• Freedom 2: to redistribute copies
• Freedom 3: to distribute copies of your modified versions to others




Foundation Processes Create a Level Playing Field 


[Figure: Commercial vendors offer differentiated commercial products, including certified boards. Vendors and open source contributors build core technologies. Labels: Requirements & Use Cases; Value Line; Product-Ready Technologies; Collaboration.]


Foundations creates the level 
• Rich culture of community wisdom
• Proven project development & governance processes
• Track record of nurturing thriving developer communities with audiences in the millions
Challenges to the Open Source Community

User Freedoms, Sustainability, Security, Regulation
Yes, open source licenses still matter!


Forbes: "Launch Of OpenTofu Spells Trouble For HashiCorp"

InfoWorld: "The open source licensing war is over"

It's time for the open source Rambos to stop fighting and
agree that developers care more about software's access and
ease of use than the purity of its license.

By Matt Asay
Trademarks
Vendor-neutrality 
Nonprofit stewardship 
IP management 

Community support
Foundation support 
Resource recruitment 
Managed end of life 

Cybercrime: World’s 3rd Largest Economy

$10.5 Trillion in damages by 2025

Software Supply Chain Attacks increase 742% in 3 years

742% Average Growth Rate Year over Year


Where are the Software Supply Chain Threats? 


[Figure: threats along the software supply chain, from Developer to Source to Package to Consumer. Source: https://slsa.dev/]




• Infrastructure for Open Collaboration
• Ecosystem Development
• IP Management & Licensing




Infrastructure support 
Staff resources 
Security audits 
Training 

Reporting and tracking 

So software ate the world...

With great power comes great responsibility




Industry Regulation

THE WHITE HOUSE
BRIEFING ROOM » PRESIDENTIAL ACTIONS
MAY 12, 2021

Executive Order on Improving the Nation's Cybersecurity

By the authority vested in me as President by the
Constitution and the laws of the United States of America,
it is hereby ordered as follows:


EU Cyber Resilience Act

For safer & more secure digital products

#DigitalEU #CyberSecEU


Calendar No. 677 


117TH CONGRESS
2D SESSION


S. 4913 


[Report No. 117-278] 


To establish the duties of the Director of the Cybersecurity and Infrastructure Security Agency 
regarding open source software security, and for other purposes. 


IN THE SENATE OF THE UNITED STATES 


SEPTEMBER 21, 2022 


Mr. Peters (for himself and Mr. Portman) introduced the following bill; which was read twice and referred to the Committee on 
Homeland Security and Governmental Affairs 


DECEMBER 19, 2022 


Reported by Mr. Peters, with amendments 


[Omit the part struck through and insert the part printed in italic] 


A BILL 


To establish the duties of the Director of the Cybersecurity and Infrastructure Security Agency 
regarding open source software security, and for other purposes. 


Be it enacted by the Senate and House of Representatives of the United States of America in 
Congress assembled, 


SECTION 1. SHORT TITLE. 


This Act may be cited as the "Securing Open Source Software Act of 2022". 

“Responsibility must be placed on the stakeholders most capable of taking action to prevent bad outcomes, not on the end-users that often bear the consequences of insecure software nor on the open-source developer of a component that is integrated into a commercial product."

National Cybersecurity Strategy, March 2023

• Trusted resource to policy makers
• Community mobilization
• Staff resources

Staff resources

Policies and procedures 
Compliance and conformance 
Assumption of liability 
Insurance protection 

Challenges to the Open Source Community

• User Freedoms: Foundations are guarantors of user freedom by going beyond licensing
• Sustainability: Foundations help developers deal [...] ever-expanding [...]
• Security: Supply chain security is in everyone's interest
• Regulation: Government regulation of the technology industry is coming, and open source will be impacted

• Protect User Freedom
• Protect and Empower Developers
• Enable Collaboration